Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HSap Netweaver
APPSap600602603604605606617618800802803804805806807
Powiązane podatności
SAP NetWeaver Visual Composer — niebezpieczna deserializacja treści
SAP NetWeaver: nieautoryzowany upload plików wykonywalnych w Visual Composer
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker aut...
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an a...
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() ...